WIFI Credential Dumping: Techniques to retrieve the PSK from a workstation post-compromise - r-tec Cyber Security
https://www.r-tec.net/r-tec-blog-wifi-credential-dumping.html
Rattling the cage of a Sidewinder | StrikeReady Blog
https://blog.strikeready.com/blog/rattling-the-cage-of-a-sidewinder/
GraphSpy – The Swiss Army Knife for Attacking M365 & Entra | Spotit insights
https://insights.spotit.be/2024/04/05/graphspy-the-swiss-army-knife-for-attacking-m365-entra/
From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware
https://thehackernews.com/2024/04/from-pdfs-to-payload-bogus-adobe.html
Acuity confirms hackers stole non-sensitive govt data from GitHub repos
https://www.bleepingcomputer.com/news/security/acuity-confirms-hackers-stole-non-sensitive-govt-data-from-github-repos/
BlackGirlsHack - BlackGirlsHack
https://www.blackgirlshack.org/
New Latrodectus malware replaces IcedID in network breaches
https://www.bleepingcomputer.com/news/security/new-latrodectus-malware-replaces-icedid-in-network-breaches/
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
Academics reckon Apple's default apps have privacy pitfalls • The Register
https://go.theregister.com/feed/www.theregister.com/2024/04/05/apple_apps_privacy_study/
New HTTP/2 DoS attack can crash web servers with a single connection
https://www.bleepingcomputer.com/news/security/new-http-2-dos-attack-can-crash-web-servers-with-a-single-connection/
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks
https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html
Panera Bread week-long IT outage caused by ransomware attack
https://www.bleepingcomputer.com/news/security/panera-bread-week-long-it-outage-caused-by-ransomware-attack/
Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains | Akamai
https://buff.ly/3TQ5LT6
Costin Raiu on the XZ Utils Backdoor Investigation - Security Conversations
https://securityconversations.com/episode/costin-raiu-on-the-xz-utils-backdoor-investigation/
detections/M365_Oauth_Apps/MaliciousOauthAppDetections.json at main · randomaccess3/detections · GitHub
https://github.com/randomaccess3/detections/blob/main/M365_Oauth_Apps%2FMaliciousOauthAppDetections.json
Visa warns of new JSOutProx malware variant targeting financial orgs
https://www.bleepingcomputer.com/news/security/visa-warns-of-new-jsoutprox-malware-variant-targeting-financial-orgs/
Magento Vulnerability Exploited to Deploy Persistent Backdoor - SecurityWeek
https://www.securityweek.com/magento-vulnerability-exploited-to-deploy-persistent-backdoor/
Pixel Phone Zero-Days Exploited by Forensic Firms - SecurityWeek
https://www.securityweek.com/pixel-phone-zero-days-exploited-by-forensic-firms/
Fake Facebook MidJourney AI page promoted malware to 1.2 million people
https://www.bleepingcomputer.com/news/security/fake-facebook-midjourney-ai-page-promoted-malware-to-12-million-people/
Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz - SecurityWeek
https://www.securityweek.com/ivanti-ceo-vows-cybersecurity-makeover-after-zero-day-blitz/
Don’t Trust the Cache: Exposing Web Cache Poisoning and Deception vulnerabilities | by Anas H Hmaidy | Apr, 2024 | Medium
https://anasbetis023.medium.com/dont-trust-the-cache-exposing-web-cache-poisoning-and-deception-vulnerabilities-3a829f221f52
US cancer center data breach exposes info of 827,000 patients
https://www.bleepingcomputer.com/news/security/us-cancer-center-data-breach-exposes-info-of-827-000-patients/
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery (and Webshells)
https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-sysprep-issue-behind-0x80073cf2-errors/
20220201-linux-persistence.pdf
https://pberba.github.io/assets/posts/common/20220201-linux-persistence.pdf
GitHub - ReconInfoSec/web-traffic-generator: A quick and dirty HTTP/S "organic" traffic generator.
https://github.com/ReconInfoSec/web-traffic-generator
Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info - SecurityWeek
https://www.securityweek.com/acuity-responds-to-us-government-data-theft-claims-says-hackers-obtained-old-info/